Emerging Tech

Truly unbreakable encryption trips the light fantastic

Encryption has always been a hot topic for government agencies, going back to the earliest days. And since we’ve put so much effort into it, of course we would get a few things right over the years.

More Info

The key to crypto? It’s in the key

The National Institute of Standards and Technology has issued guidance on generating keys to be used with approved algorithms. Read more.

Did you hear about the skeletal carrier pigeon from World War II that was found inside a chimney in England, still clutching his final message? Because the daily cipher for that date is currently lost, we may never be able to decode the contents of the bird’s note, though if it had landed safely at its destination on time, decoding the message would have been easy for authorized personnel.

The pigeon’s message is an example of a one-time pad type of encryption, which, as unsuccessful efforts to crack it proved, is impossible to break. But it makes for a difficult way to communicate because both the person sending the message and the person receiving it need to have what is essentially time-based private keys. They can’t securely communicate outside of the parameters they have previously set up without first going over the new schemes.

Modern computers allow for quicker and more robust encryption because of the use of public and private keys. One key is public. It’s essentially a mathematical formula as to how the message will be decoded. The second key is private, known only to the sender and the receiver. The problem with that scheme is that really powerful computers can possibly crack the encryption within a reasonable amount of time, or might simply get lucky and do so very quickly. It’s not a huge concern in most cases, but it does pose problems for the most secure government communications.

Toshiba and Cambridge University have come up with a way to allow for both parties in an encrypted communication to posess private keys without first meeting. So users would get the convenience of a public-key, anytime transaction, with the security the pigeon enjoyed with private-only keys. The challenge is that the only way to do this is to send the private key along with the message, which of course means the entire thing is vulnerable to interception, not something you want with your secret codes. However, scientists using quantum physics found a way to make it work, though only under certain circumstances.

The solution, according to a scientific paper published in the Physical Review X science journal, is that the private key is sent into the fibers of a fiber-optic cable along with the message and all the colored light the cable generates. By using sensors at different parts of the cable, the actual private key can be time-encoded and pulled from the rest of the pulses of light. However, this all happens extremely quickly, to the point that if someone tried to measure the light pulses to get the key, the act of doing do would slow down the light, messing up the transmission and providing clear evidence that the feed was being hacked.

In truth, there are few places even in government where this new unbreakable code architecture could be used now. The technology allows for only a 56-mile long channel, so even our old pigeon could fly farther. But for really super-secret data exchanges between relatively close government agencies — say, a network within the Pentagon itself, or two agencies involved in national security — this could provide a completely unbreakable code that doesn’t need birdseed, won’t get trapped inside chimneys and gives instant warning if anyone attempts to hack it.

inside gcn

Reader Comments

Sat, Dec 1, 2012
Clive Robinson

John Breeden II,
"There is no such thing as..."
That rather depends on your view point and how long you have and how much energy you have.
A one time pad is considered unbreakable under certain circumstances.
Primarily,
The key stream is generated Truley Randomly.
The Key stream is only ever used once.
No copies of the keystream exist outside those of the sender and the recipient, and they destroy them after use.
Thus much of the security is not in the sending of the message but in handeling the keystream or as it is more commonly known KeyMat (short for keying material).
Quantum Key Distribution depends on a couple of "theories" that are believed to be true from our basic understanding of the quantum world. In essence is the important one of a single photon being neither divisable or in some way predictable to an outside observer without it being detected by the recipient.
Now whilst I'm happy with both the theory and practical implementation of One Time Pads, the same cannot be said for my feelings about QKD.
In essence Quantum Theory is just that a "reaonable guess of how the universe works and a mathematical model that supports both the guess and all practical experiments so far carried out". Now the problem with a theory is that at some point in the future an experiment might show the mathmatical model is wrong. This happened with Newtons theories on matter and motion and it appear that Einstein's replacment is holding up so far. But quantum mechanics and relativity are both active areas of scientific investigation so who knows...
Now for most practical uses Newton's theories will get you around our solar system without undue issues and Einstein's theories are only needed if what we are trying to do is occuring at or above a sizable fraction of the speed of light (which means mobile phone networks and GPS systems bump into it from time to time).
But security is not about "normal practicalities" it's about ALL practicalities including the exceptional and arguably those that are currently unknown.
And QKD has to be looked at in that light and so far most practical implementations have been found 'wanting" for various reasons.
But most if not all the failings so far found are implementation not theory issues. So it should be possible if the theory holds up to actually make an unbreakable QKD system if the practical issues can be solved in a future proof way (which is an open debate currently).

Fri, Nov 30, 2012
Matt
Philly

Actually there are encryption methods that are "unbreakable." Look up "One Time Pad" for an example. It is true that there is no unbreakable encryption scheme that can be practically used to transmit sensitive data between parties that cannot exchange a the secure key through a different, protected method (i.e. mailing a usb stick with a one time pad saved on it). Also to be truly unbreakable the key must be at least as large as the message. So if you have a means to securely (cannot be intercepted by an attacker) share the key with a second party, you might as well just send them the plain text message, since it is the same size or smaller than the key you were going to send.

Thu, Nov 29, 2012

There is no such thing as unbreakable if it is connected to ANYTHING else.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.